Its easy to say "They need to add TouchID", implementation is a different story.
The TouchID and FaceID communicate with their own specially designed coprocessor (Secure Enclave) that is isolated from the phone in nearly every way it can be. That would need to completely redesign for the Secure Enclave coprocessor to work with both biometrics at the same time, sharing an encrypted rotating key with an additional sensor w/o actually sharing it though.
The Secure Enclave is located on the SoC. So they would would also need to redesign the A15 Bionic (or whatever their next chip is going to be called) to make room for this hybrid Secure Enclave and its isolated memory.
Apples security certification would no longer be valid (
https://support.apple.com/en-us/HT202739) because FaceID replaced TouchID with a higher level of security for 3rd party apps so devs didn't need to do anything. That doesn't work in reverse so devs will need to:
-Certify a lower level of security is ok for their app.
-Rewrite their app to except two forms of biometric API which will take months after the next iPhone release like it has in the past so apps wont work (btw 2 points of entry so even less secure then just TouchID or just FaceID).
iOS will need to accommodate a method of defaulting biometric popup when using ApplePay or entering secure areas of the phone like Keychains, etc.
TouchID sensor will need to be put on the phone. This sensor isn't like standard sensors on other phones. Apple uses a lot higher detail and resolution for ridge data and such. Back would be tough because of the wireless charger, front under the screen might be possible for them however without compromising their OLED and maintaining that fingerprint resolution and such I'm sure it will require new tech that's not like other under screen sensors.
So basically all the iPhones hardware from SoC to screen from case to memory, iOS itself, the security OS that runs on Secure Enclave including boot rom and system encryption decryption, plus all the apps that use FaceID/TouchID APIs would need to be completely reworked/replaced.
Doing something like that only makes sense if you are introducing "the next big thing". It does not make sense to solve a temporary inconvenience with some old less secure tech implementation. Apple is a business and this won't sell that many more iPhones if any at all. It will cost them a fortune. Reviews would almost certainly criticize it "TouchID....again!". Plus they already made a solution with the Apple Watch.
Three solutions I see....
1. Something new, something better than TouchID and/or FaceID. Something that I (we) can't think of because its just that good....
2. If you want to wear a mask forever that is your right, I support that but you'll need to deal with it, pandemics aren't convenient. You have to type in a password, could be worse you could be one of the 4million people that died.
3. If you need to wear a mask (mandate). Just wait it out. Pandemics don't last forever, there have dozen of worldwide pandemics, hundreds of country/continent sized pandemics and thousands of isolated pandemics. We wore mask for them and took them off when it was over. A mask is the bare minimum protection its not a solution no more than "pulling out" is a solution to unplanned parenthood. You might get lucky and it help...
